Up to two million Android smartphone users may have downloaded malware through infected apps from the Google Play Store. Even more alarming - the malware may have been active on devices for up to five months, according to Check Point Security earlier this week.

FalseGuide malware has been identified in at least 50 guide apps for popular games, the San Carlos, California-based cybersecurity company confirmed. Google was notified of the malware, and the apps were removed from its store.

The infected apps were submitted under fake names "Sergei Vernik" and "Nikolai Zalupkin."

FalseGuide is an especially virulent type of malware - it can access a user's private data, prevent the deletion of the infected app, root the device and more. It can even infiltrate private networks.

"FalseGuide creates a silent botnet out of the infected devices for adware purposes," Check Point explained. "A botnet is a group of devices controlled by hackers without the knowledge of their owners."

Game guide apps that include instructions for popular titles are favored by hackers for a number of reasons.

"Guiding apps are very popular, monetizing on the success of the original gaming apps," said Check Point. They also require very little maintenance and updates - a convenient way for cyber criminals to reach Android users.

Applications infected with malware are becoming problematic for Android app developers and consumers. As of last spring, an estimated 1.3 to 1.4 billion people owned Android phones.

Android smartphone users are more likely to download malicious apps than Apple iPhone owners. Last month, cybersecurity company Palo Alto Networks discovered 132 Android apps infected with malware in the Google Play store. The Google-developed operating system is "more open and adaptable," said security software company Sophos.